On Sat, 30 Nov 2013, madu...@gmail.com wrote:

I am in the process to acquire and implement network infrastructure
solution by upgrading the Firewall/UTM with a very high forwarding rate
firewall at least 40Gbps, by using the following (TECHNICAL SPECIFICATION)

Sounds like you really should consider doing an RFP with the big firewall vendors who have products that match or are somewhat close to your specifications (Cisco, Juniper, Fortinet, and Palo Alto most immediately come to mind). Let their sales/engineering teams do what they are paid to do.

You are likely to get Cisco-centric responses since you posted this to the cisco-nsp list ;)

Also keep in mind that you might be able to save money and reduce exposure by spreading your anticipated traffic across multiple devices, rather than one pair of the biggest boxes that $vendor currently makes.

Also be aware that some of the services you mentioned (anti-spyware, etc) are often offered as a subscription service that might represent an additional cost that needs to be taken into account beyond things like support contracts and licensing costs.

Data Center Firewalls/UTM
1. Firewall throughput minimum 40Gbps.
2. VPN throughput 17Gbps
3. Support up to 6 million concurrent sessions.
4. Support up to 2000 IPSec VPN peers.

Is that traffic as of today, or are you planning for traffic growth over the anticipated lifetime of the firewalls?

11. Firewall system must be able to provide stateful inspection
capabilities

This suggests that you will be able to provide some level of traffic symmetry into and out of the firewalls. Asymmetric traffic doesn't work well (read: at all) on stateful firewalls in many cases.

12. Firewall system must be able to support Network Address Translations
(NAT)

I'm assuming this is a generic bullet point for all of the different flavors of NAT that you might need to support? If you're looking for CGN/LSN, you might be looking at separate boxes just for that.

13. Firewall system must be capable of supporting the following management
methods:
a. WebUI (HTTP and HTTPS)

A web UI that is as platform and browser agnostic as possible might also be important to you. Many vendors use Java for their UI (Cisco ASDM, for example). If any FW vendor builds their web UI using ActiveX, I'd like to know, so I never buy from them. Plan your pain expectations accordingly.

b. Command line interface (console)
c. Command line interface (telnet)
d. Command line interface (SSH)
e. Centralized Management Solution.
14. Firewall system must be capable of preventing Denial of Service attacks.

Firewalls are just one part of the solution here. If you're dealing with inbound packet love, you will still have to work with entities further upstream to identify and stop the offending traffic.

15. Must Support Virtual domains / Security zones Min. 10/250
16. Must Support DLP
17. Must Support Web Filtering / Content Filtering
18. Anti (Virus, Spams, Malware, Spyware)
19. Logging management capability
20. Load balancing capability

Define "load balancing". I'm not saying this to be difficult, but load balancing means different things to different people.

21. System must support SNMP (v 1,2,3).
22. Internal storage Min. 60GB

I saw no mention of IPv6 support in your specs. In 2013, there is no excuse that I would accept from any FW vendor for not having IPv6 support in their products today. Not "next release", not "it's on the roadmap", etc.

The above spec could apply to juniper, cisco, hp, xtreme ...etc, any
recommendation should I add/adjust to my TECHNICAL SPECIFICATION.

-mad
_______________________________________________
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
